Page 1 of 1

URIBL_BLOCKED

Posted: 15 Jan 2015 04:25
by Michaelv
Hi All,

Just to make some users aware.
if you check your Reports -> Spamassassin Rule Hits.

If you see that is affecting a lot of your emails (based on the count vs the total emails). For me during testing, it was 99% of emails hit this rule.

This means that you are using your ISP or some public DNS servers like Google(8.8.8.8)

The reason is that these DNS is doing too much lookups to those RBL DNS. These RBL DNS blocks request above a certain number of queries per IP unless you are a paid subscriber.

To avoid that, ideally you should have your DNS recursor that does direct queries to these RBL DNS. This allows these RBL DNS to only see your recursor IP and not mix with hundreds of other anti-spam servers requests.

For me, I disabled the dnsmasq and installed unbound recursor within the same vm.
Unbound is nice because you can specify the amount of memory to use for dns cache and its own memory footprint is small which is important if you have a memory limit.
named has a fixed memory limit but its own code is bloated and uses memory. Powerdns recursor cache size is based on number of entries which is a bit tricky to manage memory utilisation.

Regards,

Michael

Re: URIBL_BLOCKED

Posted: 16 Apr 2015 06:59
by darky83
Made the post sticky as it seems more and more users are running in to this issue.

Re: URIBL_BLOCKED

Posted: 16 Apr 2015 09:04
by pdwalker
linked to the wiki

Re: URIBL_BLOCKED

Posted: 22 Apr 2015 21:19
by Mcoulianos
Can we get more of an explanation on this? I'm getting a ton of delayed emails coming from google mail servers ever since the 3.0.0.7 update and as soon as I whitelist an address the delays stop so its definitely something in E.F.A. causing them. Not seeing anything on the wiki regarding this.

Re: URIBL_BLOCKED

Posted: 23 Apr 2015 00:35
by pdwalker
Delayed mail <> URIBL_BLOCKED

Your issue is different, if I'm understanding what you've said correctly. Your issue sounds like you don't like grey listing.

Re: URIBL_BLOCKED

Posted: 17 May 2015 19:18
by thebjorn
Ok, so I've followed the instructions at http://tecadmin.net/setup-caching-names ... os-redhat/ to install a caching nameserver on the efa box. I've also updated the primary dns under option 4 -> 4 of the EFA config program. I'm still getting the error.

When I try the command listed to test the setup I get

Code: Select all

[root@efa3 MailScanner]# host -tTXT 3.0.0.127.multi.uribl.com
3.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 74.125.74.81]"
74.125.74.81 is apparently a google ip, but I have no idea where it is coming from..?

I've restarted the named service, do I need to reboot the entire system? (or am I going in the entirely wrong direction?)

Re: URIBL_BLOCKED

Posted: 17 May 2015 19:39
by thebjorn
I knew I'd find the solution as soon as I posted the question ;-) Based on the bug report (https://github.com/E-F-A/v3/issues/150) I ended up at a commit (https://github.com/E-F-A/v3/commit/34e2 ... f3e78c018d) where I noticed that dnsmasq is a service... A quick

Code: Select all

service dnsmasq restart
and it is working from the command line

Code: Select all

[root@efa3 MailScanner]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
.. and the errors are gone -- yay :-)

Re: URIBL_BLOCKED

Posted: 18 May 2015 02:57
by shawniverson
The next update will fix this permanently for users affected.

Re: URIBL_BLOCKED

Posted: 02 Jun 2015 14:16
by thebjorn
After my success message above, I got a message from gmail saying:

<xxx@mydomain.com>: mail for [email.mydomain.com] loops back to myself

so obviously something wasn't correctly configured. I forget what I did to get it working again, but during the upgrade this problem popped up again - after the kernel update and preventing the EFA-Update from working (something like "downloaded version file is corrupt" - I forgot to take a copy of the message).

I uninstalled (yum remove) bind and bind-chroot, reset the DNS to our domain controller, rebooted, and was able to run EFA-Update. Mail is again flowing, but I'm still getting

0.00 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.

Was this supposed to be fixed in the 3.0.0.8 release?

Re: URIBL_BLOCKED

Posted: 02 Jun 2015 14:54
by shawniverson
You will need to turn on full recursive DNS on your EFA appliance.

EFA-Configure --> 4) IP Settings -->4) DNS Recursion

Make sure your EFA can query DNS outbound on port 53.

Re: URIBL_BLOCKED

Posted: 02 Jun 2015 15:47
by thebjorn
You're awsome! :clap:

Re: URIBL_BLOCKED

Posted: 07 Dec 2017 10:49
by sxfx
I'm using DNS Recursion but i'm getting the block message. Any ideas?

Re: URIBL_BLOCKED

Posted: 08 Dec 2017 07:41
by pdwalker
Verify your DNS settings.

Are you really recursing? or are you actually using someone else's DNS server to make the query on your behalf?

Are you using a shared IP?

Re: URIBL_BLOCKED

Posted: 08 Dec 2017 13:37
by sxfx
Hello! Here some things:

[root@efa /]# cat /etc/resolv.conf
nameserver 127.0.0.1


[root@efa /]# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

I only see this message"ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information." when i test my dkim against http://dkimvalidator.com

This message is to they or for me?

Can you send a email test to http://dkimvalidator.com (they will geive you a random mail to test)

And.. how I debug it on my box? /var/log/maillog show nothing. Thanks

Re: URIBL_BLOCKED

Posted: 09 Dec 2017 00:39
by henk
As pdwalker stated
Verify your DNS settings. -What dns server do you use?
Could you list the content of
  • 1. /etc/unbound/unbound.conf
    2. /etc/unbound/conf.d/forwarders.conf
and list stats

Code: Select all

unbound-control stats_noreset |grep total 
Dig multiple times and check the query time. ( should be ;; Query time: 0 msec)

Code: Select all

dig @127.0.0.1  dcc.nova53.net

Re: URIBL_BLOCKED

Posted: 11 Dec 2017 15:14
by sxfx
/etc/unbound/unbound.conf
https://pastebin.com/asuWcuS6

/etc/unbound/conf.d/forwarders.conf
https://pastebin.com/nCW3X6Vz

[root@efa ~]# unbound-control stats_noreset |grep total
https://pastebin.com/qEEbAtS4

Thanks!

Re: URIBL_BLOCKED

Posted: 11 Dec 2017 23:16
by henk
Hi sxfx,

Your config is the default config and seems to work fine. ( from your EFA machine viewpoint)

As your resolv.conf points to-> nameserver 127.0.0.1 What is your DNS server to forward dns requests?

Since DNS queries are expected to come from verifiable IP addresses, and 127.0.0.1 cannot be mapped to a public IP address, the query probably failed because the RBL / BRBL could not identify a public IP address.On top of that its generally limited to no more than 100K queries from ANY SINGLE DNS SERVER IP ADDRESS in a given day.( So try point to a LOCAL DNS SERVER, with a PUBLICALLY MAPABLE IP ADDRESS)

You could force a forwarding dns server in /etc/unbound/conf.d/forwarders.conf

Code: Select all

forward-zone:
  name: "."
  forward-addr: xxx.xxx.xxx.xxx      # Forward dns server IP
  forward-first: yes
Or take a look at viewtopic.php?t=2567

Re: URIBL_BLOCKED

Posted: 19 Jul 2019 06:55
by Janvhirashe
I was facing the same problem, but know it has fixed. There is no problem know.

Re: URIBL_BLOCKED

Posted: 28 Jan 2020 13:42
by BarkingMail
I'm running a fresh EFA 4.0.1 and I have the above mentioned problems.
Based on the post bove thought it was already patched on 4.0.1, would someone instruct me how to solve it?

1.00 SURBL_BLOCKED ADMINISTRATOR NOTICE: The query to SURBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.
0.00 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.

Thanks!

Re: URIBL_BLOCKED

Posted: 11 Feb 2020 13:59
by kris240376
I'm running eFa 4 as well and I'm getting the URIBL_BLOCKED error as well. Looking at the console I'm noticing that DNS Recursion is enabled:

4) IP Settings
10) DNS Recursion <-- ENABLED

Looking at the help for the DNS Recursion setting it would appear that setting this value to enabled would fix the URIBL_BLOCKED issue but it doesn't. Is this setting supposed to configure the machine to use unbound for DNS? Or does this setting only enable and start the unbound service and I'm supposed to edit the required file so that spamassassin uses the correct DNS server?

I checked in /etc/resolv.conf and noticed that NetworkManager is placing the actual DNS server for my network there. I was expecting to see 127.0.0.1 in this file after enabling DNS Recursion.

I also checked in /etc/mail/spamassassin/local.cf for the dns_available and dns_server settings but they aren't there. I was expecting to see the following in /etc/mail/spamassassin/local.cf after enabling DNS Recursion:

dns_available yes
dns_server 127.0.0.1

Re: URIBL_BLOCKED

Posted: 11 Feb 2020 14:16
by kris240376
Looked at this a bit more and it would seem that there are some spamassassin configuration files located in the /etc/MailScanner directory as well.

It looks like the dns_enabled and dns_server settings would go in the /etc/MailScanner/spamassassin.conf file.

Thanks,

Re: URIBL_BLOCKED

Posted: 12 Feb 2020 09:22
by shawniverson
I ran into this issue on a cloud instance, turned out that cloud-init was overwriting DNS in /etc/resolv.conf :oops:

Re: URIBL_BLOCKED

Posted: 13 Feb 2020 15:55
by kris240376
Shawn,

Should the behavior be that whenever you enable DNS Recursion the /etc/MailScanner/spamassassin.conf file gets updated with the following:

dns_available yes
dns_server 127.0.0.1

According to this, https://cwiki.apache.org/confluence/dis ... Nameserver (the Using section), it would prevent the case where /etc/resolv.conf gets overwritten by NetworkManager. I won't be able to test whether adding these two lines will fix this issue until later this evening.

Re: URIBL_BLOCKED

Posted: 14 Feb 2020 13:43
by kris240376
Setting the following in /etc/MailScanner/spamassassin.conf didn't work:

dns_available yes
dns_server 127.0.0.1

I resorted to using Network Manager command-line tool to update the DNS settings for my install:

> nmcli con mod <connectionName> ipv4.dns "127.0.0.1"
> nmcli con mod <connectionName> ipv4.ignore-auto-dns yes
> nmcli con down <connectionName>
> nmcli con up <connectionName>

Be careful bringing your interface down if you are remoted into the machine via SSH; you won't be able to bring the machine's interface back up. One option would be to run the commands under screen:

> screen "nmcli con down <connectionName>; nmcli con up <connectionName>"

Re: URIBL_BLOCKED

Posted: 15 Feb 2020 14:46
by shawniverson
Do you think we need eFa to do this out of the box so that DNS doesn't get overridden?